CVE-2020-11201

December 30, 2021

Arbitrary access to DSP memory due to improper check in loaded library for data received from CPU side’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA845, SDM640, SDM830, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6150, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM8150, SM8150P

Summary:

Arbitrary access to DSP memory due to improper check in loaded library for data received from CPU side’ in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA845, SDM640, SDM830, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6150, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM8150, SM8150P

Reference Links(if available):

  • https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin
  • https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/
  • https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/

  • CVSS Score (if available)

    v2: / MEDIUMAV:L/AC:L/Au:N/C:C/I:C/A:C

    v3: / HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    gophish

    GoPhish Login Page Detected – 34[.]49[.]82[.]229:443

    May 4, 2024
    gophish

    GoPhish Login Page Detected – 172[.]166[.]230[.]67:8443

    May 4, 2024
    gophish

    GoPhish Login Page Detected – 3[.]212[.]215[.]46:443

    May 4, 2024
    Sliver C2

    Sliver C2 Detected – 143[.]110[.]237[.]179:31337

    May 4, 2024
    CISA Logo

    CISA: CISA Adds One Known Exploited Vulnerability to Catalog

    May 4, 2024